As always, when this is discussed, people slide between encrypted
qubes and hidden qubes.
They are completely different.
If you want encrypted qubes you can do this right now.
Create a new lvm pool on a new encrypted device, register that pool with
Qubes, and use it to create new qubes.
When you want to use such a qube, decrypt the container, and use the
qube as you will - when you are finished, close the encrypted
container.
(You could do this with multiple pools, of course, and script the
encryption/startup.)
This will guard against the opportunistic thief who takes your machine
when you are using it, (so the main luks device is decrypted), but those
qubes are not decrypted and not in use.
If you want a RAM based qube you can do this right now, by creating a
pool in RAM, and running qubes there. This adds a little to the security
of a stock disposable.
Neither of these are hidden.
It’s much more difficult to guard against forensic analysis which may
show that qubes have been used, although they do not apparently exist on
the system.
(People who discuss this often want plausible deniability.)
I don’t see many people being really clear about what they want, what the
security benefits will be, providing concrete solutions, or even
steps toward those solutions. I do see a lot of vague hopes.
When I comment in the Forum or in the mailing lists I speak for myself.